The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. (“FINRA”) recently published a cybersecurity advisory regarding increasing cybersecurity risks at third-party providers (the “Cybersecurity Advisory”). The Cybersecurity Advisory highlights third-party risks to FINRA member firms and effective practices to mitigate such risks.
FINRA’s advisory comes at a time when third-party cyber risk is regularly in the headlines. The Cybersecurity Advisory cites to several third-party incidents in the recent past that impacted member firms, such as the 2023 MOVEit incident, which has been monitored by FINRA over the last year. While the Cybersecurity Advisory does not establish new legal or regulatory requirements, FINRA urges member firms to consider the advisory as they review or update their existing third-party outsourcing/vendor, including cybersecurity, policies and practices.
Read our Legal Update.